×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
cscchen
New Member
Member since: ‎04-15-2013
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-15-2013
View All

create alert when http error code from a given IP ...

by in Alerting
‎06-06-2013 11:02 PM
‎06-06-2013 11:02 PM
Hi, I'd like to create alert for the following scenario: in http access log, we have different return codes 2xx,3xx,4xx,5xx, etc. I'd like to get an alert when within a 10 minutes windows, the returned code 4xx for an source IP is higher than 10%. The alert will include all the source IPs that meet the percentage requirement as well as the percentage of 4xx. The alert would show sth. like the following: source ip percentage of 4xx a.b.c.d 20% x.x.x.x 13% One difficulty here is that new IPs keep showing up. Would really appreciate if anyone can help. Thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM